# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  protect_from_forgery :secret => 'ea2694df7c8256ee521e44e32caf0e15'

  before_filter :check_authorization_cookie

  private 

  def authorize
    unless User.find_by_id(session[:user_id])
      session[:original_uri] = request.request_uri
      flash[:notice] = "Please log in"
      redirect_to(:controller => "user" , :action => "login" )
    end
  end
  
  # Check for a valid authorization cookie, possibly logging the user in.
  def check_authorization_cookie
    authorization_token = cookies[:authorization_token]
    if authorization_token and not session[:user_id]
      user = User.find_by_authorization_token(authorization_token)
      if user
        session[:user_id] = user.id
      end
    end
  end

end
